Config is double checking blacklists

Glenn Steen glenn.steen at gmail.com
Wed Aug 23 11:16:22 IST 2006 

On 22/08/06, Nigel Kendrick <support-lists at petdoctors.co.uk> wrote:
> Hi Folks,
>
> I noticed we were suddenly getting a lot of our own outbound mail marked as
> spam. The root cause was we'd ended up in CBL due to a mis-configured server
> name, but in sorting this out, I noticed the following info at Spamhaus..
>
> ===
>
> Exploits Block List
>
> The Spamhaus Exploits Block List (XBL) is a realtime database of IP
> addresses of illegal 3rd party exploits, including open proxies (HTTP,
> socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and
> other types of trojan-horse exploits.
>
> Incorporates CBL data and NJABL proxy data
>
> The XBL wholly incorporates data from two highly-trusted DNSBL sources, with
> tweaks by Spamhaus to maximise the data efficiency and lower False
> Positives. The main components are:
> - the CBL (Composite Block List) from cbl.abuseat.org
> - the NJABL Open Proxy IPs list from www.njabl.org.
>
> Mail servers already using cbl.abuseat.org should NOT also use
> xbl.spamhaus.org or you will be making 'double' queries to basically the
> same data source and only one DNSBL will appear to work (the other(s) will
> appear to not catch anything). Mail servers already using dnsbl.njabl.org
> are advised to continue doing so, as dnsbl.njabl.org is itself a composite
> list and contains more than the open proxy IPs list part now incorporated in
> XBL.
>
> ===
>
> The only reason I point this out is that my installation of MailScanner et.
> Al was originally done using Johnny Hughes' excellent howto and by default,
> the spam checking rules used list both SBL+XBL and CBL, which according to
> the above means we are effectively double-checking and any 'hit' will count
> as 2 towards 'spam lists to be spam'.
>
> If my assumption is correct, will I be OK to remove SBL+XBL and replace it
> with spamhaus.org in order to not check both XBL and CBL?
>
> Thanks
>
Wouldn't the natural thing to do be to remove CBL and keep SBL-XBL?
Also, search the mailing list archives, there has been a fair amount
of discussion of where to do rbl checking (MTA, MS or SA) whith some
fairly informed opinions:-).

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list